A General Framework for Architecture Composability

Architectures depict design principles: paradigms that can be understood by all, allow thinking on a higher plane and avoiding low-level mistakes. They provide means for ensuring correctness by construction by enforcing global properties characterizing the coordination between components. An architecture can be considered as an operator A that, applied to a set of components B, builds a composite component A(B) meeting a characteristic property Φ. Architecture composability is a basic and common problem faced by system designers. In this paper, we propose a formal and general framework for architecture composability based on an associative, commutative and idempotent architecture composition operator ⊕. The main result is that if two architectures A1 and A2 enforce respectively safety properties Φ1 and Φ2 , the architecture A1 ⊕ A2 enforces the property Φ1 ∧ Φ2 , that is both properties are preserved by architecture composition. We also establish preservation of liveness properties by architecture composition. The presented results are illustrated by a running example and a case study

Architecture Diagrams: A Graphical Language for Architecture Style Specification

Architecture styles characterise families of architectures sharing common characteristics. We have recently proposed configuration logics for architecture style specification. In this paper, we study a graphical notation to enhance readability and easiness of expression. We study simple architecture diagrams and a more expressive extension, interval architecture diagrams. For each type of diagrams, we present its semantics, a set of necessary and sufficient consistency conditions and a method that allows to characterise compositionally the specified architectures. We provide several examples illustrating the application of the results. We also present a polynomial-time algorithm for checking that a given architecture conforms to the architecture style specified by a diagram.Comment: In Proceedings ICE 2016, arXiv:1608.0313

Relating BIP and Reo

Coordination languages simplify design and development of concurrent systems. Particularly, exogenous coordination languages, like BIP and Reo, enable system designers to express the interactions among components in a system explicitly. In this paper we establish a formal relation between BI(P) (i.e., BIP without the priority layer) and Reo, by defining transformations between their semantic models. We show that these transformations preserve all properties expressible in a common semantics. This formal relation comprises the basis for a solid comparison and consolidation of the fundamental coordination concepts behind these two languages. Moreover, this basis offers translations that enable users of either language to benefit from the toolchains of the other.Comment: In Proceedings ICE 2015, arXiv:1508.0459

Architectures: Design patterns for component-based systems

Architectures depict design principles, paradigms that can be understood by all, allow thinking on a higher plane and avoiding low-level mistakes. They provide means for ensuring correctness by construction by enforcing global properties characterizing the coordination between components. An architecture can be considered as an operator A that, applied to a set of components B, builds a composite component A(B) meeting a characteristic property P. A theory of architectures must address several fundamental questions: 1. How does one model the architectures? In many existing approaches, architecture description is limited to drawing the structure of the system by connecting boxes with lines. A rigorous theory requires a formal definition of their operational semantics. 2. How does one specify the architectures? Characteristic properties of architectures must be clearly stated, understandable and verifiable by engineers. Specifications must be sufficiently versatile for the architectures to be applicable to a variety of components. 3. How does one combine architectures? Composition of architectures must preserve their respective characteristic properties. 4. How does one efficiently implement architectures? The cost of raising the abstraction level is the coordination overhead entailed by any centralised framework imposing the operational semantics. This can be reduced by applying transformation techniques to internalise and distribute the coordination constraints. We propose a formal and general framework for studying architectures. In particular, composability is based on an associative, commutative and idempotent architecture composition operator. The main result is that if two architectures A1 and A2 enforce respectively state invariants P1 and P2 , the composed architecture enforces the state invariant P1 & P2, that is both invariants are preserved by architecture composition. We also discuss preservation of liveness properties and internalisation of architectures

Robust Software Development for University-Built Satellites

Satellites and other complex systems now become more and more software dependent. Even nano satellites have complexity that can be compared to scientific instruments launched to Mars. COTS components and subsystems may now be purchased to support payload development. On the contrary, the software has to be adapted to the the new payload and, consequently, hardware architecture selected for the satellite. There is not a rigorous and robust way to design software for CubeSats or small satellites yet. In this paper, we will briefly review some existing systems and present our approach, which based on Behaviour-Interaction-Priority (BIP) framework. We will describe our experience in implementing fight software simulation and testing in the Swiss CubETH CubeSat project. We will conclude with lessons learned and future utilization of BIP for hardware testing and simulation

Using SMT engine to generate Symbolic Automata

International audienceOpen pNets are used to model the behaviour of open systems , both synchronous or asynchronous, expressed in various calculi or languages. They are endowed with a symbolic operational semantics in terms of so-called "Open Automata". This allows us to check properties of such systems in a compositional manner. We implement an algorithm computing these semantics, building predicates expressing the synchronization conditions between the events of the pNet subsystems. Checking such predicates requires symbolic reasoning over first order logics, but also over application-specific data. We use the Z3 SMT engine to check satisfiability of the predicates, and prune the open automaton of its unsatisfiable transitions. As an industrial oriented use-case, we use so-called "architectures" for BIP systems, that have been used in the framework of an ESA project and to specify the control software of a nanosatellite at the EPFL Space Engineering Center. We use pNets to encode a BIP architecture extended with explicit data, and compute its open automaton semantics. This automaton may be used to prove be-havioural properties; we give 2 examples, a safety and a liveness property

Exogenous Coordination of Concurrent Software Components with JavaBIP

A strong separation of concerns is necessary in order to make the design of domain-specific functional components independent from cross-cutting concerns, such as concurrent access to the shared resources of the execution platform. Native coordination mechanisms, such as locks and monitors, allow developers to address these issues. However, such solutions are not modular, they are complex to design, debug and maintain. We present the JavaBIP framework that allows developers to think on a higher level of abstraction and clearly separate the functional and coordination aspects of the system behavior. It implements the principles of the BIP component framework rooted in rigorous operational semantics. It allows the coordination of existing concurrent software components in an exogenous manner, relying exclusively on annotations, component APIs and external specification files. We introduce the annotation and specification syntax of JavaBIP and illustrate its use on realistic examples; present the architecture of our implementation, which is modular and easily extensible; provide and discuss performance evaluation results

Architecture-based Design: A Satellite On-Board Software Case Study

In this case study, we apply the architecture-based design approach to the control software of the CubETH satellite. Architectures are a means for ensuring global coordination properties and thus, achieving correctness of complex systems by construction. The design approach comprises three main steps: 1) definition of a domain-specific taxonomy of architecture styles; 2) design of the software model by applying architectures to enforce the required properties; 3) deadlock-freedom analysis of the resulting model. We provide a taxonomy of architecture styles for satellite on-board software, formally defined by architecture diagrams in the BIP component-based framework. We show how architectures are instantiated from the diagrams and applied to a set of atomic components. Deadlock-freedom of the resulting model is verified using the DFinder tool from the BIP tool-set. Finally, we provide additional validation of our approach by using the nuXmv model checker to verify that the properties enforced by the architectures are, indeed, satisfied in the resulting software model